数据库密码加密解密
1.引入依赖
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.0</version>
</dependency>
2.配置秘钥
#jasypt:
#encryptor:
#password: EbfYkitulv73I2p0mXI50JMXoaxZTKJ7
这种方式上传后能看到秘钥不合适改为下面这种方式
本地运行
改为通过环境变量来传参打包
3.对数据库进行加密
import org.gomeet.southsea.WebAppApplication;
import org.jasypt.encryption.StringEncryptor;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.context.web.WebAppConfiguration;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = WebAppApplication.class)
@WebAppConfiguration
public class EncryptTest {
@Autowired
private StringEncryptor encryptor;
@Test
public void getPass() {
String url = encryptor.encrypt(
"jdbc:mysql://rm-uf68p71xwhe12n103zo.mysql.rds.aliyuncs.com:3306/gomeet_x?characterEncoding=utf-8");
String name = encryptor.encrypt("shenzheng_rw1");
String password = encryptor.encrypt("SheZhEn9843#kjkdfdff");
System.out.println("加密后url"+url);
System.out.println("加密后name"+name);
System.out.println("加密后password"+password);
}
}
4.修改配置文件为加密后的
```java
spring:
datasource:
name: db
url: ENC(4RND3PPFNZGgC164PzRr+eQUssSljuWTg4V4VtpfgqNtlY0NQ12cwxJ2oKqF2IKRcvrCDIhuGaVl36b1oo7GSc/FlgWxCFB8AmS3svObFkAIqt9d/pDmZ+Qk9lBxXox7jyOKZOx+viDOZaC0NggfgQ==)
username: ENC(TsmrCCGhwT0I2uwi/aSqt5HA7rU+Tg4e)
password: ENC(dmV99ecbcKjL09oBSrp4F0nG7COndZ+JLDrzgI1gQFM=)
driver-class-name: com.mysql.jdbc.Driver
5.打成jar包方式运行传入秘钥
java -jar -Djasypt.encryptor.password=G0CvDz7oJn6 xxx.jar
自己配置加密解密方法
//自定义加密方法
@Configuration
public class EncryptPropertyConfig{
@Bean("jasyptStringEncryptor")
public StringEncryptor stringEncryptor() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword("password");
config.setAlgorithm("PBEWithMD5AndDES");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setStringOutputType("base64");
encryptor.setConfig(config);
return encryptor;
}
}
自定义解密方法
@Configuration
public class DecyptPropertyConfig {
@Bean(name = "encryptablePropertyResolver")
public EncryptablePropertyResolver encryptablePropertyResolver() {
return new EncryptionPropertyResolver();
}
class EncryptionPropertyResolver implements EncryptablePropertyResolver {
@Override
public String resolvePropertyValue(String value) {
if (StringUtils.isBlank(value)) {
return value;
}
// 值以enc开头的需要解密
if (value.startsWith("ENC")) {
return JasyptUtils.decyptPwd(value.substring("ENC@".length()));
}
// 不需要解密的值直接返回
return value;
}
}
}
public class JasyptUtils {
public static SimpleStringPBEConfig cryptOr() {
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword(JasptConstant.Password);
config.setAlgorithm(StandardPBEByteEncryptor.DEFAULT_ALGORITHM);
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setStringOutputType("base64");
return config;
}
//加密
public static String encryptPwd(String value) {
PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
encryptOr.setConfig(cryptOr());
String result = encryptOr.encrypt(value);
return result;
}
//解密
public static String decyptPwd(String value) {
PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
encryptOr.setConfig(cryptOr());
String result = encryptOr.decrypt(value);
return result;
}